- •Table of Contents
- •Dedication
- •Foreword
- •Introduction
- •What Is FreeBSD?
- •How Did FreeBSD Get Here?
- •The BSD License: BSD Goes Public
- •The Birth of Modern FreeBSD
- •FreeBSD Development
- •Committers
- •Contributors
- •Users
- •Other BSDs
- •NetBSD
- •OpenBSD
- •Other UNIXes
- •Solaris
- •Linux
- •IRIX, HPUX, etc.
- •FreeBSD's Strengths
- •Portability
- •Power
- •Simplified Software Management
- •Optimized Upgrade Process
- •Filesystem
- •Who Should Use FreeBSD
- •FreeBSD as Your Desktop
- •Who Should Run Another BSD
- •Who Should Run a Proprietary Operating System
- •How to Read This Book
- •What Must You Know?
- •How to Think About UNIX
- •Channels of Communication
- •Working with Channels
- •The Command Line
- •Chapter 1: Installation
- •FreeBSD Hardware
- •Processor
- •Memory (RAM)
- •Hard Drives
- •Downloading FreeBSD
- •Installing by FTP
- •Other FTP Install Information
- •Hardware Setup
- •Actually Installing FreeBSD
- •Configuring the Kernel for ISA Cards
- •Sysinstall: The Ugly FreeBSD Installer
- •Disk Usage
- •Partitioning
- •Root
- •Swap Space
- •Swap Splitting
- •/var, /usr, and /home
- •A Second Hard Drive
- •Soft Updates
- •Block Size
- •What to Install
- •Installation Media
- •Committing
- •Root Password
- •Adding Users
- •Time Zone
- •Mouse
- •Configuring Network Cards
- •Xfree86
- •Software
- •Restart
- •A Note on Editors
- •Chapter 2: Getting More Help
- •Why Not Mail First?
- •The FreeBSD Attitude
- •Man Pages
- •The FreeBSD Manual
- •Man Page Headings
- •The FreeBSD Documentation
- •The Mailing List Archives
- •Other Web Sites
- •Checking the Handbook/FAQ
- •Checking the Man Pages
- •Checking the Mailing List Archives
- •Using Your Answer
- •Mailing for Help
- •Chapter 3: Read This Before You Break Something Else! (Backup and Recovery)
- •Overview
- •System Backups
- •Tape Devices
- •How to Read Dmesg.boot
- •Controlling Your Tape Drive
- •Device Nodes
- •Using the TAPE Variable
- •The mt Command
- •Backup Programs
- •Dump/Restore
- •Restoring from an Archive
- •Checking the Contents of an Archive
- •Extracting Data from an Archive
- •Restoring Interactively
- •Recording What Happened
- •Revision Control
- •Getting Older Versions
- •Breaking Locks
- •Viewing Log Messages
- •Reviewing a File's Revision History
- •Ident and ident Strings
- •Going Further
- •The Fixit Disk
- •Chapter 4: Kernel Games
- •Overview
- •What Is the Kernel?
- •Configuring Your Kernel
- •Sysctl
- •Changing Sysctls
- •Setting Sysctls at Boot
- •Kernel Configuration with Loader.conf
- •Manually Configuring the Loader
- •Viewing Loaded Modules
- •Loading and Unloading Modules
- •Customizing the Kernel
- •Preparation
- •Your Backup Kernel
- •Editing Kernel Files
- •Basic Options
- •Multiple Processors
- •Device Entries
- •Building Your Kernel
- •Troubleshooting Kernel Builds
- •Booting an Alternate Kernel
- •Adding to the Kernel
- •LINT
- •Fixing Errors with Options
- •Tweaking Kernel Performance
- •Sharing Kernels
- •Chapter 5: Networking
- •Overview
- •Network Layers
- •The Physical Layer
- •The Physical Protocol Layer
- •The Logical Protocol Layer
- •The Application Layer
- •The Network in Practice
- •Mbufs
- •What Is a Bit?
- •Ethernet
- •Broadcasting
- •Address Resolution
- •Hubs and Switches
- •Netmasks
- •Netmask Tricks
- •Hexadecimal Netmasks
- •Unusable IP Addresses
- •Routing
- •Network Ports
- •Connecting to an Ethernet Network
- •Multiple IP Addresses on One Interface
- •Using Netstat
- •Chapter 6: Upgrading FreeBSD
- •Overview
- •FreeBSD Versions
- •Release
- •Snapshots
- •Security Updates
- •Which Release Should You Use?
- •Upgrade Methods
- •Upgrading via Sysinstall
- •Upgrading via CVSup
- •Simplifying the CVSup Upgrade Process
- •Building a Local CVSup Server
- •Controlling Access
- •Authentication
- •Combining Authentication and Access
- •Chapter 7: Securing Your System
- •Overview
- •Who Is the Enemy?
- •Script Kiddies
- •Disaffected Users
- •Skilled Attackers
- •FreeBSD Security Announcements
- •Subscribing
- •What You'll Get
- •Installation Security Profiles
- •Moderate
- •Extreme
- •Root, Groups, and Permissions
- •The root Password
- •Groups of Users
- •Primary Group
- •Some Interesting Default Groups
- •Group Permissions
- •Changing Permissions
- •Changing File Ownership
- •Assigning Permissions
- •File Flags
- •Viewing a File's Flags
- •Setting Flags
- •Securelevels
- •Setting Securelevels
- •Which Securelevel Do You Need?
- •What Won't Securelevel and File Flags Do?
- •Living with Securelevels
- •Programs That Can Be Hacked
- •Putting It All Together
- •Chapter 8: Advanced Security Features
- •Traffic Control
- •Default Accept vs. Default Deny
- •TCP Wrappers
- •Configuring Wrappers
- •Daemon Name
- •The Client List
- •Putting It All Together
- •Packet Filtering
- •IPFilter
- •IPFW
- •Default Accept and Default Deny in Packet Filtering
- •Basic Concepts of Packet Filtering
- •Implementing IPFilter
- •Configuring Your Server to Use Jail
- •Configuring Your Kernel to Use Jail
- •Client Setup
- •Final Jail Setup
- •Starting the Jail
- •Managing Jails
- •Shutting Down a Jail
- •Monitoring System Security
- •If You're Hacked
- •Chapter 9: Too Much Information About /etc
- •Overview
- •Varieties of /etc Files
- •Default Files
- •/etc/defaults/rc.conf
- •/etc/adduser.conf
- •/etc/crontab
- •/etc/dhclient.conf
- •/etc/fstab
- •/etc/hosts.allow
- •/etc/hosts.equiv
- •/etc/hosts.lpd
- •/etc/inetd.conf
- •/etc/locate.rc
- •/etc/login.access
- •/etc/login.conf
- •Specifying Default Environment Settings
- •/etc/mail/mailer.conf
- •/etc/make.conf and /etc/defaults/make.conf
- •/etc/master.passwd
- •/etc/motd
- •/etc/mtree/*
- •/etc/namedb/*
- •/etc/newsyslog.conf
- •/etc/passwd
- •/etc/periodic.conf and /etc/defaults/periodic.conf
- •/etc/printcap
- •Working with Printcap Entries
- •/etc/profile
- •/etc/protocols
- •/etc/rc.conf and /etc/defaults/rc.conf
- •/etc/resolv.conf
- •/etc/security
- •/etc/services
- •/etc/shells
- •/etc/spwd.db
- •/etc/sysctl.conf
- •/etc/syslog.conf
- •Chapter 10: Making Your System Useful
- •Overview
- •Making Software
- •The Pain and Pleasure of Source Code
- •Debugging
- •The Ports and Packages System
- •Ports
- •Finding Software
- •Legal Restrictions
- •Using Packages
- •Installing via FTP
- •What Does a Package Install?
- •Uninstalling Packages
- •Package Information
- •Controlling Pkg_add
- •Package Problems
- •Forcing an Install
- •Using Ports
- •Installing a Port
- •Using Make Install
- •Uninstalling and Reinstalling
- •Cleaning Up with Make Clean
- •Building Packages
- •Changing the Install Path
- •Setting Make Options Permanently
- •Upgrading Ports and Packages
- •Upgrading the Ports Collection
- •Ports Collection Upgrade Issues
- •Checking Software Versions
- •Hints for Upgrading
- •Chapter 11: Advanced Software Management
- •Overview
- •Startup and Shutdown Scripts
- •Typical Startup Script
- •Using Scripts to Manage Running Programs
- •Managing Shared Libraries
- •Ldconfig
- •Running Software from the Wrong OS
- •Recompilation
- •Emulation
- •ABI Implementation
- •Foreign Software Libraries
- •Installing and Enabling Linux Mode
- •Identifying Programs
- •What Is Linux_base?
- •Adding to Linux_base
- •Configuring Linux Shared Libraries
- •Installing Extra Linux Packages as RPMs
- •What Is SMP?
- •Kernel Assumptions
- •FreeBSD 3.0 SMP
- •FreeBSD 5 SMP
- •Using SMP
- •SMP and Upgrades
- •Chapter 12: Finding Hosts With DNS
- •How DNS Works
- •Basic DNS Tools
- •The Host Command
- •Getting Detailed Information with Dig
- •Looking Up Hostnames with Dig
- •More Dig Options
- •Configuring a DNS Client: The Resolver
- •Domain or Search Keywords
- •The Nameserver List
- •DNS Information Sources
- •The Hosts File
- •The Named Daemon
- •Zone Files
- •A Real Sample Zone
- •named.conf
- •/var/named/master/absolutebsd.com
- •Making Changes Work
- •Starting Named at Boottime
- •Checking DNS
- •Named Configuration Errors
- •Named Security
- •Controlling Information Order
- •More About BIND
- •Chapter 13: Managing Small Network Services
- •Bandwidth Control
- •Configuring IPFW
- •Reviewing IPFW Rules
- •Dummynet Queues
- •Directional Traffic Shaping
- •Certificates
- •Create a Request
- •Being Your Own CA
- •Testing SSH
- •Enabling SSH
- •Basics of SSH
- •Creating Keys
- •Confirming SSH Identity
- •SSH Clients
- •Connecting via SSH
- •Configuring SSH
- •System Time
- •Setting the Time Zone
- •Network Time Protocol
- •Ntpdate
- •Ntpd
- •Inetd
- •/etc/inetd.conf
- •Configuring Programs in Inetd
- •Inetd Security
- •Starting Inetd
- •Changing Inetd's Behavior
- •Chapter 14: Email Services
- •Email Overview
- •Where FreeBSD Fits In
- •The Email Protocol
- •Email Programs
- •Who Needs Sendmail?
- •Replacing Sendmail
- •Installing Postfix
- •Pieces of Postfix
- •Configuring Postfix
- •Email Aliases
- •Email Logging
- •Virtual Domains
- •Postfix Commands
- •Finding the Correct Mail Host
- •Undeliverable Mail
- •Installing POP3
- •Testing POP3
- •POP3 Logging
- •POP3 Modes
- •Qpopper Preconfiguration Questions
- •Default Qpopper Configuration
- •APOP Setup
- •Configuring Pop3ssl
- •Qpopper Security
- •Chapter 15: Web and FTP Services
- •Overview
- •How a Web Server Works
- •The Apache Web Server
- •Apache Configuration Files
- •Configuring Apache
- •Controlling Apache
- •Virtual Hosting
- •Tweaking Virtual Hosts
- •.NET on FreeBSD
- •Installing the SSCLI
- •FTP Security
- •The FTP Client
- •The FTP Server
- •Chapter 16: Filsystems and Disks
- •Device Nodes
- •Hard Disks and Partitions
- •The /etc/fstab File
- •Disk Basics
- •The Fast File System
- •Vnodes
- •FFS Mount Types
- •FFS Mount Options
- •What's Mounted Now?
- •Dirty Disks
- •Fsck
- •Mounting and Unmounting Disks
- •Mounting Standard Filesystems
- •Mounting with Options
- •Mounting All Standard Filesystems
- •Mounting at Nonstandard Locations
- •Unmounting
- •Soft Updates
- •Enabling Soft Updates
- •IDE Write Caching and Soft Updates
- •Virtual Memory Directory Caching
- •Mounting Foreign Filesystems
- •Using Foreign Mounts
- •Foreign Filesystem Types
- •Mount Options and Foreign Filesystems
- •Filesystem Permissions
- •Removable Media and /etc/fstab
- •Creating a Floppy
- •Creating an FFS Filesystem
- •The Basics of SCSI
- •SCSI Types
- •SCSI Adapters
- •SCSI Buses
- •Termination and Cabling
- •SCSI IDs and LUNs
- •FreeBSD and SCSI
- •Wiring Down Devices
- •Adding New Hard Disks
- •Creating Slices
- •Creating Partitions
- •Configuring /etc/fstab
- •Installing Existing Files onto New Disks
- •Temporary Mounts
- •Moving Files
- •Stackable Mounts
- •Chapter 17: RAID
- •Hardware vs. Software RAID
- •RAID Levels
- •Software RAID
- •Vinum Disk Components
- •Vinum Plex Types
- •Preparing Vinum Drives
- •Dedicating Partitions to Vinum
- •Configuring Vinum
- •Concatenated Plex
- •Removing Vinum Configuration
- •Striped Volumes
- •Mirrored Volumes
- •Starting Vinum at Boot
- •Other Vinum Commands
- •Replacing a Failed Mirrored Plex
- •Chapter 18: System Performance
- •Overview
- •Computer Resources
- •Disk Input/Output
- •Network Bandwidth
- •CPU and Memory
- •Using Top
- •Memory Usage
- •Swap Space Usage
- •CPU Usage
- •When Swap Goes Bad
- •Paging
- •Swapping
- •Are You Swapping or Paging?
- •Fairness in Benchmarking
- •The Initial Test
- •Using Both CPUs
- •Directory Caching
- •Moving /usr/obj
- •Lessons Learned
- •Chapter 19: Now What's It Doing?
- •Status Mails
- •Forwarding Reports
- •Logging with Syslogd
- •Facilities
- •Levels
- •Syslog.conf
- •Wildcards
- •Rotating Logs with Newsyslog.conf
- •Reporting with SNMP
- •Basics of SNMP
- •MIBs
- •Snmpwalk
- •Specific Snmpwalk Queries
- •Translating Between Numbers and Names
- •Setting Up Snmpd
- •Index Numbers
- •Configuring MRTG
- •Sample mrtg.cfg Entry
- •Testing MRTG
- •Tracking Other System Values
- •Monitoring a Single MIB
- •Customizing MRTG
- •MRTG Index Page
- •Sample MRTG Configurations
- •Chapter 20: System Crashes and Panics
- •What Causes Panics?
- •What Does a Panic Look Like?
- •Responding to a Panic
- •Prerequisites
- •Crash Dump Process
- •The Debugging Kernel
- •kernel.debug
- •Dumpon
- •Savecore
- •Upon a Crash
- •Dumps and Bad Kernels
- •Using the Dump
- •Advanced Kernel Debugging
- •Examining Lines
- •Examining Variables
- •Apparent Gdb Weirdness
- •Results
- •Vmcore and Security
- •Symbols vs. No Symbols
- •Serial Consoles
- •Hardware Serial Console
- •Software Serial Console
- •Changing the Configuration
- •Using a Serial Console
- •Serial Login
- •Emergency Logon Setup
- •Disconnecting the Serial Console
- •Submitting a Problem Report
- •Problem Report System
- •What's in a PR?
- •Filling Out the Form
- •PR Results
- •Chapter 21: Desktop FreeBSD
- •Overview
- •Accessing File Shares
- •Prerequisites
- •Character Sets
- •Kernel Support for CIFS
- •SMB Tools
- •Configuring CIFS
- •Minimum Configuration: Name Resolution
- •Other smbutil Functions
- •Mounting a Share
- •Other mount_smbfs Options
- •Sample nsmb.conf Entries
- •CIFS File Ownership
- •Serving Windows File Shares
- •Accessing Print Servers
- •Running a Local Lpd
- •Printer Testing
- •Local Printers
- •X: A Graphic Interface
- •X Prerequisites
- •X Versions
- •Configuring X
- •Making X Look Decent
- •Desktop Applications
- •Web Browsers
- •Email Readers
- •Office Suites
- •Music
- •Graphics
- •Desk Utilities
- •Games
- •Afterword
- •Overview
- •The Community
- •What Can You Do?
- •Getting Things Done
- •Second Opinions
- •Appendix: Some Useful SYSCTL MIBs
- •List of Figures
- •Chapter 1: Installation
- •Chapter 5: Networking
- •Chapter 6: Upgrading FreeBSD
- •Chapter 19: Now What's It Doing?
- •List of Tables
- •Chapter 4: Kernel Games
- •Chapter 5: Networking
- •Chapter 8: Advanced Security Features
- •Chapter 9: Too Much Information About /etc
- •List of Sidebars
- •Chapter 15: Web and FTP Services
I'm browsing, I'm only one person and cannot possibly open more files or make more network connections than a maxusers of 16 can support. On a busy Internet server, though, I might kick this value up to 256; this is high enough that the server will prepare to handle thousands of network connections and open files.
If your maxusers value is too low, the system will start to be unable to handle all your files and network connections. The kernel will notice that it cannot handle all these requests, and will log errors. You'll start to get warnings on the console and in /var/log/messages telling you quite explicitly to increase maxusers.
Don't raise maxusers above 256, though, unless you have an insane number of files on a single partition (millions, for example) or you push multiple T1s of bandwidth.
Basic Options
Following the maxusers value in the config file, there are a variety of basic options, including things like INET for TCP/IP support, and FFS for UNIX filesystem support. You'll also encounter rarely used ones that you can remove. We won't discuss all the kernel options, but merely some specific examples from different types of options and some of the more common options. I'll specifically mention ones that can be trimmed from an Internet server.
Consider the following options:
...............................................................................................
options MATH_EMULATE
...............................................................................................
Older CPUS (specifically the 386 and the 486SSX) have no math co−processor. If your system lacks a math co−processor, you should leave MATH_EMULATE in so your kernel will emulate a math co−processor in software. Any modern CPU will have a math co−processor, however, and if that's true in your case, you can cut it.
...............................................................................................
options INET
...............................................................................................
The INET option provides support for network protocols, such as TCP/IP. Keep this one.
...............................................................................................
options INET6 #IPv6 communications protocols
...............................................................................................
If you're using IPv6, you need INET6. If not, cut it.
...............................................................................................
options FFS
...............................................................................................
83
The FFS option specifies UNIX Fast Filesystem, FreeBSD's default. Keep it.
...............................................................................................
options SOFTUPDATES
...............................................................................................
Softupdates is a method for ensuring disk integrity with FFS. (We'll discuss soft−updates at some length in Chapter 13.) Keep this line unless you specifically decide against using softupdates.
...............................................................................................
options MD_ROOT
...............................................................................................
If you use MFS to build diskless workstations, you need the MD_ROOT option. Otherwise, give it the axe.
...............................................................................................
options |
NFS |
options |
NFS_ROOT |
...............................................................................................
These two options support the Network File System. The NFS_ROOT option allows you to boot off an NFS drive, rarely used in Internet servers. You can delete both entries if you aren't using NFS.
...............................................................................................
options MSDOSFS
...............................................................................................
The MSDOSFS option supports MS−DOS−formatted filesystems and floppies. If you mount or unmount MS−DOS floppy disks, or if you are sharing your hard drive with a Microsoft operating system, you might want this option. You can also temporarily load this functionality with the msdos.ko module.
...............................................................................................
options |
CD9660 |
...............................................................................................
The CD9660 option supports the standard CD−ROM filesystem. Like the MSDOS filesystem, you can temporarily load and unload this functionality with the cd9660.ko module.
...............................................................................................
options |
PROCFS |
options |
COMPAT_43 |
...............................................................................................
If you remove the preceding two lines, your system will break. Many user programs rely on BSD4.3 functions. The COMPAT_43 option provides kernel compatibility with BSD4.3. Similarly,
84
process−monitoring programs rely on the process file system (PROCFS).
...............................................................................................
options SCSI_DELAY=15000
...............................................................................................
The SCSI_DELAY option specifies the number of milliseconds FreeBSD waits after finding your SCSI controllers before probing the SCSI devices, giving them a chance to spin up. If you don't have any SCSI hardware, you can delete this line. If you have new SCSI hardware, you can reduce this setting to 5000 (5 seconds) or lower.
...............................................................................................
options UCONSOLE
...............................................................................................
Some programs allow users to look at the system console in an X Windows terminal. The UCONSOLE option is the kernel support for that feature. You can delete this line if you aren't using X, or if you don't have this system set up as a desktop.
...............................................................................................
options |
USERCONFIG |
options |
VISUAL_USERCONFIG |
...............................................................................................
These two userconfig lines allow you to enable and disable devices before your kernel boots. While you don't absolutely need them, when you read some FreeBSD hardware documentation that says "set this in userconfig," you'll regret not having them.
...............................................................................................
options KTRACE
...............................................................................................
The KTRACE option enables kernel−level tracing. Keep it unless you know exactly what it is and what you're doing.
...............................................................................................
options |
SYSVSHM |
options |
SYSVMSG |
options |
SYSVSEM |
...............................................................................................
The preceding three options support System V−style interprocess communication, and many applications expect to have them. They can also be loaded as modules.
...............................................................................................
options |
P1003_1B |
options |
_KPOSIX_PRIORITY_SCHEDULING |
85
...............................................................................................
The two lines support kernel POSIX functions, and many programs expect to find POSIX features in the kernel.
Multiple Processors
If your system has multiple processors, you need the following kernel options:
...............................................................................................
options |
SMP |
# |
Symmetric |
MultiProcessor Kernel |
options |
APIC_IO |
# |
Symmetric |
(APIC) I/O |
...............................................................................................
The SMP option tells the kernel to use the appropriate code for multiple processors; APIC_IO handles input and output for SMP kernels.
When you're building an SMP kernel, remove the I386_CPU and I486_CPU from your kernel configuration. FreeBSD only supports SMP on systems that fit the Intel SMP specification, and this specification does not support SMP with 386 or 486 chips.
If you do not have multiple processors, leave these options commented out!
Device Entries
After the options entries in the config file, you'll find device entries, which are grouped in fairly obvious ways.
Bus Entries
The first device entries are bus entries, such as device pci and device isa. Keep these, unless you truly don't have that sort of bus in your system. (You might be surprised at the number of "legacy−free" systems that have an ISA bus hidden somewhere in their innards; for example, my brand−new laptop has an old−fashioned ISA bus hidden in it.) The EISA device, however, can probably be removed on modern computers.
Interfaces
The IDE/ATAPI interfaces and devices are next (we saw an example of these at the beginning of the "Editing Kernel Files" section). Even if your system has no IDE devices, it's probably a good idea to keep the "device ata", especially since most motherboards have an IDE controller or two on them. You can eliminate entries for any IDE devices you don't have.
Next are the SCSI controllers and cards, used for SCSI features, including those needed by parallel port Zip disks and USB storage devices. If you don't have any of these devices, this whole section can go away. If you're using SCSI, just remove the controllers you don't have.
86
...............................................................................................
# SCSI Controllers |
|
|
|
device |
ahb |
# EISA AHA1742 family |
|
device |
ahc |
# AHA2940 and onboard |
AIC7xxx devices |
. . . |
|
|
|
...............................................................................................
After the SCSI section, you'll find a few lines of device drivers for such mundane things as keyboards, monitors, your PS/2 port, and so on. Don't delete these.
The network card list comes next; it is quite long and looks much like the SCSI and IDE sections. If you're not going to replace your network card any time soon, get rid of the drivers from any hardware you don't have. If your system doesn't have any ISA slots in it, you can certainly delete all of the ISA drivers.
Pseudo−Devices
Near the bottom of the GENERIC kernel, you'll find a list of pseudo−devices. As the name might suggest, these are created entirely of software. For example, when you telnet or SSH (see Chapter 13) into the system remotely, the system has to have a way to keep track of your terminal session, send characters to it, and read what you type. It wants to treat your remote connection just as it treats the physical monitor and keyboard attached to the system. To do so, it uses a pseudo−device called a pseudo−terminal. Because the kernel treats these much like devices, we call them pseudo−devices.
Here's one, for example:
...............................................................................................
pseudo−device loop
...............................................................................................
This is the loopback interface, lo0, a network interface that points back to the local machine. If you remove it, many pieces of software will break in interesting ways. This can be very educational, but you don't want to do this in a production system.
...............................................................................................
pseudo−device ether
...............................................................................................
The ether pseudo−device provides general Ethernet support. You probably want it.
...............................................................................................
pseudo−device sl
...............................................................................................
The sl pseudo−device is for Serial Line Internet Protocol (SLIP). It is an old protocol that has been replaced by Point−to−Point Protocol (PPP). You probably don't need this unless your ISP requires
87
it. |
|
|
............................................................................................... |
||
pseudo−device |
ppp |
1 |
............................................................................................... |
The ppp pseudo−device is for kernel−based PPP. Kernel−based PPP has fallen out of favor, being supplanted by userland PPP. You probably don't need this.
If you do want to use kernel PPP, the number after "ppp" is the number of PPP devices to create.
...............................................................................................
pseudo−device tun
...............................................................................................
The tun pseudo−device is the logical packet tunnel. Various programs use this to sneak packets in and out of the kernel. You need this for userland PPP (regular dial−up connections).
...............................................................................................
pseudo−device pty
...............................................................................................
The pty pseudo−devices are pseudo−terminals, used for things like telnet connections, and so on. You want these.
...............................................................................................
pseudo−device md
...............................................................................................
The md pseudo−device is for memory disks. Again, if you're not using memory disks, you don't need them. For most (but not all) Internet servers, memory disks are just a waste of RAM. However, a very few special−purpose servers (such as, anonymous CVS servers) need memory disks.
...............................................................................................
pseudo−device gif pseudo−device faith pseudo−device bpf
...............................................................................................
The bpf pseudo−device is the Berkley Packet Filter, which allows you to examine packets on your network. It's used for packet sniffers and for the DHCP client and server. If you don't need any of those, turn this off.
88